The conflict of interest between data sharing and data privacy : a middleware approach

Abstract

People who are referred to as data owners in this study use the Internet for various purposes, one of
which is using online services such as Gmail, Facebook and Twitter. These online services are offered by
organizations referred to as data controllers. When data owners use the services provided by data
controllers, they usually have to agree to terms and conditions that give the data controllers indemnity
against any privacy issues the data owner may raise. Data controllers are then free to share that data
with other organizations, referred to as third parties. Though data controllers are protected from
lawsuits, this does not necessarily mean they are free of any act that the data owner may consider a
privacy violation. This thesis aims to arrive at a design proposition, using the design science research
paradigm, for a middleware extension focused specifically on the Tomcat server, a servlet engine running
on the JVM. The design proposition proposes a client-side, annotation-based API to be used by developers
to specify the classes that will carry data outside the scope of the data controller's system to a
third-party system; the specified classes will then have code woven in that communicates with a Privacy
Engine component, which determines, based on the data owner's preferences, whether their data should be
shared or not. The output of this study is a privacy-enhancing platform comprising three components: the
client-side annotation-based API used by developers, an extension to Tomcat and, finally, a Privacy Engine.
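To make the three-part design concrete, the following is an added illustration, not code from the thesis or from Tomcat: a marker annotation a developer places on an outbound payload class, a minimal Privacy Engine that stores each data owner's sharing preferences, and an explicit gate standing in for the code the thesis describes as woven into annotated classes. The names `SharedWithThirdParty`, `PrivacyEngine`, `SharingGate`, `ProfileExport` and the preference model are all assumptions made for this example; the thesis's actual API and engine interface are not described on this page.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Hypothetical marker annotation (not the thesis's API). A developer places it on
// any class whose instances leave the data controller's system for a third party.
// RUNTIME retention is required so the gate can read it reflectively.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE)
@interface SharedWithThirdParty {
    String recipient();   // which third party receives the data
    String purpose();     // why it is shared; matched against owner preferences
}

// Constructed example of a payload class a developer would annotate.
@SharedWithThirdParty(recipient = "analytics.example", purpose = "analytics")
final class ProfileExport {
    final String email;
    ProfileExport(String email) { this.email = email; }
}

// Hypothetical Privacy Engine: holds per-owner sharing preferences and answers
// allow/deny. Owners or purposes with no recorded preference are denied (fail closed).
final class PrivacyEngine {
    // ownerId -> (purpose -> allowed?)
    private final Map<String, Map<String, Boolean>> preferences = new HashMap<>();

    void setPreference(String ownerId, String purpose, boolean allowed) {
        preferences.computeIfAbsent(ownerId, k -> new HashMap<>()).put(purpose, allowed);
    }

    boolean maySharing(String ownerId, String purpose) {
        Map<String, Boolean> byPurpose = preferences.get(ownerId);
        if (byPurpose == null) return false;
        return byPurpose.getOrDefault(purpose, Boolean.FALSE);
    }
}

// Stand-in for the woven code: reads the annotation off the payload's class and
// consults the engine before the payload is handed to the outbound call.
final class SharingGate {
    private final PrivacyEngine engine;
    SharingGate(PrivacyEngine engine) { this.engine = engine; }

    // Returns the payload only if the owner permits this purpose; empty otherwise.
    Optional<Object> release(Object payload, String ownerId) {
        SharedWithThirdParty meta = payload.getClass().getAnnotation(SharedWithThirdParty.class);
        if (meta == null) {
            // Not marked as leaving the system: the gate does not apply.
            return Optional.of(payload);
        }
        boolean allowed = engine.maySharing(ownerId, meta.purpose());
        System.out.printf("owner=%s recipient=%s purpose=%s -> %s%n",
                ownerId, meta.recipient(), meta.purpose(), allowed ? "SHARE" : "BLOCK");
        return allowed ? Optional.of(payload) : Optional.empty();
    }
}

public class PrivacyGateDemo {
    public static void main(String[] args) {
        PrivacyEngine engine = new PrivacyEngine();
        engine.setPreference("alice", "analytics", false);  // alice opted out
        engine.setPreference("bob", "analytics", true);     // bob opted in
        SharingGate gate = new SharingGate(engine);

        gate.release(new ProfileExport("alice@example.invalid"), "alice"); // BLOCK
        gate.release(new ProfileExport("bob@example.invalid"), "bob");     // SHARE
        gate.release(new ProfileExport("carol@example.invalid"), "carol"); // BLOCK: no preference
    }
}
```

The point the gate makes is that the decision sits with the data owner's recorded preference, not with the developer's code path: the developer only declares that a class leaves the system, and an unrecorded preference is treated as a refusal rather than as consent.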